GRC Analyst

Senior GRC Analyst - Security & Compliance

LHH Recruitment Solutions is partnering with a high-growth, cloud-native SaaS organization to identify a Senior GRC Analyst to support and scale their security and compliance function.

This role offers a unique opportunity to take ownership of a growing governance, risk, and compliance program within an innovative technology environment. The organization is building advanced, cloud-based products on Azure, with security and trust at the core of its platform. The Senior GRC Analyst will play a critical role in developing and operationalizing compliance frameworks, driving audit readiness, and establishing scalable, repeatable processes.

This is an ideal opportunity for a GRC professional who is motivated to build and mature a program, work cross-functionally with engineering teams, and gain strong visibility with leadership.

Preferred Office Alignment: San Francisco, CA


Employment Type: Contract (5+ months)


Pay Rate: $65-$85/hr (DOE)

Key Responsibilities

• Own and manage the Information Security Management System (ISMS), including policies, control frameworks, risk registers, vendor management, and Statement of Applicability.
  
  
• Lead ISO 27001:2022 and SOC 2 Type II initiatives end-to-end, including readiness assessments, evidence collection, control testing, remediation tracking, and audit coordination.
  
  
• Support the development and implementation of an ISO 42001 (AI management system) program alongside existing compliance frameworks.
  
  
• Serve as the primary point of contact for external auditors, managing audit timelines, evidence requests, and engagement logistics (e.g., Stage 1/Stage 2 audits, SOC 2 Type II).
  
  
• Administer and optimize the organization's GRC platform (e.g., Vanta, Drata, OneTrust), including control mapping, automated evidence collection, and monitoring control effectiveness.
  
  
• Conduct risk assessments, vendor risk reviews, and support security initiatives such as penetration testing, vulnerability disclosures, and bug bounty programs.
  
  
• Partner closely with engineering and technical teams to translate regulatory and compliance requirements into practical, scalable controls within an Azure-based environment.
  
  
• Support customer trust initiatives, including completion of security questionnaires, RFP responses, and maintenance of trust center documentation.
  
  

Qualifications

• 4+ years of experience in GRC, information security compliance, or IT audit, including participation in at least one full certification or audit cycle.
  
  
• Demonstrated hands-on experience with ISO 27001 and SOC 2 frameworks, including evidence management, auditor interaction, and remediation efforts.
  
  
• Familiarity with cloud security controls, preferably within Microsoft Azure environments.
  
  
• Experience working with GRC platforms such as Vanta, Drata, OneTrust, or similar tools.
  
  
• Strong skills in risk assessment, control design, and written communication.
  
  

Preferred Qualifications

• Exposure to AI governance frameworks (e.g., ISO 42001, NIST AI RMF) and AI security standards (e.g., OWASP LLM Top 10, MITRE ATLAS).
  
  
• Knowledge of data privacy regulations such as GDPR, particularly in relation to employee data.
  
  
• Relevant certifications such as ISO 27001 Lead Implementer or Lead Auditor, CISA, CRISC, CISSP, or CCSK.
  
  
• Experience in early-stage or high-growth SaaS environments.
  
  

Benefit Offerings:

Benefit offerings include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, and 401K plan. Our program provides employees the flexibility to choose the type of coverage that meets their individual needs. Available paid leave may include Paid Sick Leave, where required by law; any other paid leave required by Federal, State, or local law; and Holiday pay upon meeting eligibility criteria.

Equal Opportunity Employer/Veterans/Disabled

To read our Candidate Privacy Information Statement, which explains how we will use your information, please navigate t o

The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:

• The California Fair Chance Act
  
  
• Los Angeles City Fair Chance Ordinance
  
  
• Los Angeles County Fair Chance Ordinance for Employers
  
  
• San Francisco Fair Chance Ordinance
  
  

Pay Details: $65.00 to $85.00 per hour

Search managed by: Scott McKeen


Benefit offerings available for our associates include medical, dental, vision, life insurance, short-term disability, additional voluntary benefits, EAP program, commuter benefits and a 401K plan. Our benefit offerings provide employees the flexibility to choose the type of coverage that meets their individual needs. In addition, our associates may be eligible for paid leave including Paid Sick Leave or any other paid leave required by Federal, State, or local law, as well as Holiday pay where applicable.


Equal Opportunity Employer/Veterans/Disabled

Military connected talent encouraged to apply

To read our Candidate Privacy Information Statement, which explains how we will use your information, please navigate to

The Company will consider qualified applicants with arrest and conviction records in accordance with federal, state, and local laws and/or security clearance requirements, including, as applicable:

• The California Fair Chance Act
• Los Angeles City Fair Chance Ordinance
• Los Angeles County Fair Chance Ordinance for Employers
• San Francisco Fair Chance Ordinance

Massachusetts Candidates Only: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.